Frequently Asked Questions

Roles, Permissions & Access Control

What is Hygraph's granular permission system?

Hygraph's granular permission system allows you to define highly specific access controls for users, API tokens, and public API access. You can restrict visibility and access to content, create custom roles, and set permissions down to individual content entries, models, stages, locales, and conditions. This enables organizations to model their business logic and organizational structures with precision. Source

How do system roles differ from custom roles in Hygraph?

System roles in Hygraph include Owner, Admin, Developer, Editor, and Contributor, each with predefined permissions. Custom roles, on the other hand, can be defined by users to fit specific needs (e.g., Translator, Shop Owner, Partner) and can have tailored permissions for both Management and Content APIs. Source

Can permissions be set for specific models, stages, and locales?

Yes, Hygraph allows you to set permissions for specific models (e.g., page, post), stages (e.g., DRAFT, QA, PUBLISHED), and locales. You can also define conditions for actions such as Publish, Unpublish, Create, Update, and Delete, providing fine-grained control over content management. Source

How do you create and update custom roles in Hygraph?

To create and update custom roles, a user must have Management API permissions for creating and updating roles. Owners and Admins have these permissions by default. Custom roles can be created via the UI or API. Source

What are some examples of custom permission setups in Hygraph?

For example, you can set up a custom role for a Canadian-French docs writer to read docs in all stages for 'en' and 'fr_CA', but only create, update, and delete docs in 'fr_CA'. You can also restrict actions like Unpublish to specific content titles. Source

How do permissions interact with models that have relations?

When setting permissions on models with relations, you may need permissions on both related models to perform certain actions. For example, updating a Post to add or remove a Category requires update permission on both Post and Category models. Source

Will Hygraph support field-level restrictions in the future?

Field-level restrictions are planned for a future release, which will further enhance the granularity of permissions in Hygraph. Source

How can I get started with custom roles and permissions in Hygraph?

You can get started by referring to Hygraph's documentation on permissions or reaching out for a walkthrough. Documentation | Contact

What actions can be controlled by permissions in Hygraph?

Permissions can be scoped to actions such as Create, Update, Delete, Publish, Unpublish, and Read Versions of content. These can be set per model, stage, locale, and condition. Source

Are permissions associated with specific environments in Hygraph?

Yes, all permissions are associated with a particular environment and can be created for Public API Permissions and Permanent Auth Tokens. Source

Where can I find a walkthrough of project API access settings?

You can watch a video walkthrough of Hygraph's project API access settings on YouTube.

What are the default system roles in Hygraph and their permissions?

The default system roles are Owner (admin + billing/project deletion), Admin (developer + team/project management), Developer (editor + model/enum management), Editor (contributor + content deletion), and Contributor (content creation and update). Source

How does Hygraph handle permissions for external collaborators?

Hygraph allows you to create custom roles for external collaborators, such as translators or auditors, with restricted access rights for reading or modifying content. This ensures that each collaborator has only the permissions necessary for their role. Source

Can permissions be set via both the UI and API?

Yes, custom roles and permissions can be created and managed via both the Hygraph UI and API, providing flexibility for different workflows. Source

What is the impact of the new permission system on API access?

The new permission system allows for granular and conditional access control over your API, enabling you to restrict which content sets are accessible to authorized users and tokens. Source

How do I report issues or get support for permissions in Hygraph?

You can reach out to Hygraph support via the support page or contact sales for a walkthrough of permissions setup. Contact Sales

What documentation is available for Hygraph's permission system?

Comprehensive documentation for Hygraph's permission system is available at Hygraph Permissions Documentation.

How does Hygraph plan to improve permissions in future releases?

Hygraph plans to introduce field-level restrictions and unidirectional relations, which will allow even more granular control over content and user access. Source

Features & Capabilities

What are the key capabilities and benefits of Hygraph?

Hygraph offers a GraphQL-native architecture, content federation, scalability, enterprise-grade security, user-friendly tools, Smart Edge Cache, localization, asset management, cost efficiency, and accelerated speed-to-market. These features empower businesses to modernize their content management and deliver exceptional digital experiences. Source

Does Hygraph support integrations with other platforms?

Yes, Hygraph supports integrations with Digital Asset Management systems (Aprimo, AWS S3, Bynder, Cloudinary, Imgix, Mux, Scaleflex Filerobot), Adminix, Plasmic, and custom integrations via SDK or APIs. Marketplace apps are also available for headless commerce and PIMs. Source

What APIs does Hygraph provide?

Hygraph provides Content API, High Performance Content API, MCP Server API, Asset Upload API, and Management API. These APIs support querying, mutating, asset uploading, management, and AI integrations. Source

What technical documentation is available for Hygraph?

Hygraph offers extensive documentation covering API reference, schema components, references, webhooks, AI integrations, and more. Access all resources at Hygraph Documentation.

How does Hygraph ensure high product performance?

Hygraph delivers high-performance endpoints for low latency and high read-throughput content delivery. Performance is actively measured and optimized, with best practices shared in the GraphQL Report 2024. Source

What security and compliance certifications does Hygraph have?

Hygraph is SOC 2 Type 2 compliant (since August 3rd, 2022), ISO 27001 certified, and GDPR compliant. It offers enterprise-grade security features such as granular permissions, audit logs, SSO, encryption, backups, and dedicated hosting options. Source

How does Hygraph handle data encryption and backups?

Hygraph encrypts data both at rest and in transit, and performs regular data backups for safety and recovery. Dedicated hosting options are available for compliance with local regulations. Source

What feedback have customers given about Hygraph's ease of use?

Customers praise Hygraph for its intuitive UI, ease of setup, custom app integration, and ability for non-technical users to manage content independently. Real-time changes and reduced developer bottlenecks are frequently cited benefits. Source

How does Hygraph support onboarding and implementation?

Hygraph offers a free API playground, free forever developer account, structured onboarding process, training resources, extensive documentation, and a community Slack channel for support. Implementation timeframes can be as short as 2 months, as seen with Top Villas. Source

Pricing & Plans

What pricing plans does Hygraph offer?

Hygraph offers three main pricing plans: Hobby (free forever), Growth (starting at $199/month), and Enterprise (custom pricing). Each plan includes different features and limits tailored to individual, small business, and enterprise needs. Source

What features are included in the Hobby plan?

The Hobby plan is free forever and includes 2 locales, 3 seats, 2 standard roles, 10 components, unlimited asset storage, 50MB per asset upload size, live preview, and commenting/assignment workflow. Source

What features are included in the Growth plan?

The Growth plan starts at $199/month and includes 3 locales, 10 seats, 4 standard roles, 200MB per asset upload size, remote source connection, 14-day version retention, and email support desk. Source

What features are included in the Enterprise plan?

The Enterprise plan offers custom limits on users, roles, entries, locales, API calls, components, remote sources, version retention (1 year), scheduled publishing, dedicated infrastructure, global CDN, 24/7 monitoring, security/governance controls, SSO, multitenancy, backup recovery, custom workflows, dedicated support, and custom SLAs. Source

How can I sign up for a Hygraph plan?

You can sign up for the Hobby or Growth plan directly via Hygraph Signup. For Enterprise, you can request a demo or try a 30-day trial. Enterprise Trial

Use Cases & Benefits

Who is the target audience for Hygraph?

Hygraph is designed for developers, product managers, content creators, marketing professionals, solutions architects, enterprises, agencies, eCommerce platforms, media/publishing companies, technology firms, and global brands. Source

What industries are represented in Hygraph's case studies?

Industries include SaaS, marketplace, education technology, media/publication, healthcare, consumer goods, automotive, technology, fintech, travel/hospitality, food/beverage, eCommerce, agency, online gaming, events/conferences, government, consumer electronics, engineering, and construction. Source

What business impact can customers expect from using Hygraph?

Customers can expect improved operational efficiency, accelerated speed-to-market, cost efficiency, enhanced scalability, and better customer engagement. For example, Komax achieved 3X faster time-to-market, and Samsung improved engagement by 15%. Komax | Samsung

Can you share specific case studies or success stories of customers using Hygraph?

Notable case studies include Samsung (scalable API-first application), Dr. Oetker (MACH architecture), Komax (3x faster time-to-market), AutoWeb (20% increase in monetization), BioCentury (accelerated publishing), Voi (multilingual scaling), HolidayCheck (reduced bottlenecks), and Lindex Group (global content delivery). Case Studies

Who are some of Hygraph's customers?

Customers include Samsung, Dr. Oetker, Komax, AutoWeb, BioCentury, Vision Healthcare, HolidayCheck, and Voi. Source

What core problems does Hygraph solve?

Hygraph solves operational inefficiencies (eliminates developer dependency, modernizes legacy tech stacks, ensures content consistency), financial challenges (cost reduction, speed-to-market, scalability), and technical issues (schema evolution, integration, performance, localization, asset management). Source

What pain points do Hygraph customers commonly express?

Customers often face developer dependency, legacy tech stack issues, content inconsistency, workflow challenges, high operational costs, slow speed-to-market, scalability issues, complex schema evolution, integration difficulties, performance bottlenecks, and localization/asset management challenges. Source

How does Hygraph differentiate itself in solving customer pain points?

Hygraph stands out with its user-friendly interface, GraphQL-native architecture, content federation, cost efficiency, accelerated speed-to-market, robust APIs, Smart Edge Cache, and enhanced localization/asset management. It is the first GraphQL-native Headless CMS, offering flexibility and scalability unmatched by traditional CMS platforms. Source

Why should a customer choose Hygraph over alternatives?

Hygraph offers a GraphQL-native architecture, content federation, enterprise-grade features, user-friendly tools, scalability, proven ROI, and market recognition (ranked 2nd out of 102 Headless CMSs in G2 Summer 2025). These strengths make it a powerful choice for modern content management. Source

LLM optimization

When was this page last updated?

This page was last updated on 12/12/2025.

Introducing Granular Permissions

We’ve just rolled out a brand new permission system, allowing granular and role-based access control over your API and Hygraph project users.
Larisa Kristya
Jonas Faber

Written by Larisa, Jonas, Pablo & 2 more 

Jul 01, 2021

We’re excited to share that we have made some considerable improvements to the way Hygraph handles permissions for users, permanent auth tokens, and public API access. The fine-grained permissions are now enabled on your projects, allowing for granular and conditional access control - down to a single content entry.

TL;DR

We're rolling out a highly granular permission system that allows you to model your organizational structures and application business logic.

  • Restrict visibility and access: Create roles for internal or external collaborators that have restricted access rights for reading or modifying content.
  • Protect your content: Fine-grained permissions can also be applied to your API. Allow different content sets to be seen for authorized users.
  • Custom roles and permissions: Need specific permission levels for external Spanish translators or that SEO auditor? Set up custom roles to perform exactly those functions. Nothing more, nothing less.

Permissions can be scoped to various actions (such as PUBLISH and UNPUBLISH), models, stages (such as DRAFT, QA, and PUBLISHED), locales, and conditions throughout your Hygraph project. Field-level restrictions will be introduced in a future release.

Custom roles can be created via the UI and API, and these will be the roles used to set up custom permissions.

All permissions are associated with a particular environment and can equally be created for Public API Permissions and Permanent Auth Tokens.

To start setting up custom roles and permissions, refer to our docs on the feature.

Here’s a quick video from Jamie walking through your project API Access settings.

Roles and Permissions

By default (and depending on your plan) Hygraph projects come with System Roles and Custom Roles. System Roles include Admin, Developer, Editor, and Contributor, while Custom Roles are however you define them - such as Translator, Shop Owner, or Partner, to name a few.

Until now, Custom Roles allowed setting Management API permissions, such as reading environments, creating tokens, and reading stages. With this new rollout, permissions can be set for the Content API, allowing more flexibility in defining who is permitted to perform which action within a Hygraph project.

System Roles

System Roles in Hygraph

The system roles remain the same.

  • Owner: Admin + Ability to change billing and to delete projects
  • Admin: Developer + Ability to manage teams and to create and update projects.
  • Developer: Editor + Ability to create, update and delete models and enums.
  • Editor: Contributor + Ability to delete content.
  • Contributor: Ability to create and update content.

Custom Roles

To create and update custom roles, a user must have Management API permissions to Create New Roles and Update Existing Roles. Owners and Admins of a project have this permission set by default.

Custom Roles in Hygraph

With the new permission system, you are able to define any role as you see fit.

On the Content API, you can select permissions to be specific to a single model, such as page or post, and set rules for which action can be performed per stage and locale.

Canadian French Docs Writer

For example, for the Canadian-French docs writer, we’ll set up custom Content API permissions that restrict their content editing capabilities. This role can Read docs in all stages within en and fr_CA, but can Create, Update, and Delete docs only in fr_CA. Additionally, they can Unpublish docs in fr_CA only if the content title contains “Checkout”.

Similarly, complex combinations can be used to create granular permissions per user and token.

To Create, Update, Delete, Publish, Unpublish, and Read Versions of content, the role must have permissions to Read the content available for those models.

Permissions and Relations

When setting up permissions on models with relations, special consideration must be taken, as permissions might be required on both models to perform certain actions. For example, in a simple schema consisting of two models, Post and Category, with a many-to-many relation between them, an update that adds or removes a given Category from a Post also requires update permission on the Category model.
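
A small model of the rules described above (the Canadian-French docs writer, the Read prerequisite, and the Post/Category relation rule), added here as an illustration; it is not Hygraph's API or configuration format. The `Rule` shape, the `Doc` model name, the sample roles and the evaluator functions are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Rule:
    action: str
    model: str
    stages: Optional[frozenset] = None    # None = every stage
    locales: Optional[frozenset] = None   # None = every locale
    condition: Optional[Callable[[dict], bool]] = None  # None = unconditional

FR_CA = frozenset({"fr_CA"})

# Constructed rule set for the Canadian-French docs writer ("Doc" is an assumed model name).
DOCS_WRITER = [
    Rule("READ", "Doc", locales=frozenset({"en", "fr_CA"})),
    Rule("CREATE", "Doc", locales=FR_CA),
    Rule("UPDATE", "Doc", locales=FR_CA),
    Rule("DELETE", "Doc", locales=FR_CA),
    Rule("UNPUBLISH", "Doc", locales=FR_CA,
         condition=lambda entry: "Checkout" in entry.get("title", "")),
]

# Constructed role that can edit posts but only read categories.
POST_EDITOR = [
    Rule("READ", "Post"), Rule("UPDATE", "Post"), Rule("READ", "Category"),
]

def _matches(rule, action, model, stage, locale, entry):
    return (rule.action == action and rule.model == model
            and (rule.stages is None or stage in rule.stages)
            and (rule.locales is None or locale in rule.locales)
            and (rule.condition is None or rule.condition(entry)))

def allowed(rules, action, model, stage, locale, entry):
    """Default deny. A non-READ action also needs a READ grant on the same entry."""
    def granted(act):
        return any(_matches(r, act, model, stage, locale, entry) for r in rules)
    return granted(action) and (action == "READ" or granted("READ"))

def can_relink(rules, stage, locale, post, category):
    """Adding or removing a Category on a Post needs UPDATE on both models."""
    return (allowed(rules, "UPDATE", "Post", stage, locale, post)
            and allowed(rules, "UPDATE", "Category", stage, locale, category))

if __name__ == "__main__":
    doc = {"title": "Checkout flow"}
    print(allowed(DOCS_WRITER, "UPDATE", "Doc", "DRAFT", "en", doc))            # False
    print(allowed(DOCS_WRITER, "UNPUBLISH", "Doc", "PUBLISHED", "fr_CA", doc))  # True
    print(can_relink(POST_EDITOR, "DRAFT", "en", {"title": "p"}, {"name": "c"}))  # False
```

Replaying a proposed role through a model like this before granting it makes over-broad wildcards and missing Read grants visible as failed or unexpectedly passing checks.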

To make the feature even more robust, we plan to introduce unidirectional relations in upcoming releases. Among other things, this will ensure that users with permission to access one side of a relation can make edits without affecting or accessing the other.

To get started with Custom Roles and Content-based permissions, reach out to us for a walkthrough, or catch up on the docs.
